CX Guidelines | Updates stemming from 2024 Consent Review changes

[CDR-CX-Stream]

Description

In August 2024, the Treasury conducted a consultation on proposed consent and operational enhancement amendments to the CDR Rules. The DSB simultaneously consulted on Decision Proposal 350 to outline the expected changes to the standards to support the proposed rules.

This issue outlines the anticipated updates to the CX Guidelines that will be required to reflect the expected rules and standards changes.

The community are invited to provide feedback on these draft CX guideline changes ahead of any final rules or standards changes to expedite their release. Additional requests for guidance to support the proposed rules and standards can also be made in this thread.

The final CX guidelines will necessarily adjust to the final rules or standards, and as such these draft artefacts are subject to change and should not be interpreted as finalised guidance.

N.B. the draft CX guidelines only outline where a proposed rule and standards change has an associated user interface or consumer experience component. As noted in DP350, CDR agencies will not provide guidance on the proposed nominated representative changes until any relevant rules are made.

Intention and Value of Change

The DSB publishes CX guidelines to assist participants with implementation of the CDR. The publication of draft CX Guidelines will allow the community to provide feedback on proposed changes and seek further clarifications where necessary.

Consulting on these draft guidelines before the associated rules and standards are finalised will allow their release to be expedited to facilitate implementation. The final artefacts will be published on the CX Guidelines website pending this consultation and the making of any final rules and standards.

These draft guidelines will be discussed with CDR agencies in conjunction with this consultation to ensure alignment before publishing.

N.B. The CX guidelines shared in this issue are in draft state and represent proposed rules and standards that have not been made. These wireframes should not be taken as definitive guidance of compliance with the rules and should not be considered as legal or compliance references for the purposes of implementation.

Areas affected

Changes are expected to impact all variants in the following areas of the CX guidelines:

• Collection and use consent
• Disclosure consents
• Amending consent
• Consent management (data recipient)
• [NEW] Notifications: CDR receipts
• [NEW] Notifications: 90 day notifications

New item or change proposed

Many changes will be mirrored across multiple flows. For example, many of the draft changes to the default data recipient dashboard will be also reflected in the other data recipient dashboard guidance, such as for amended consents, disclosure consents and withdrawals. As such, we intend to consult on the following subset of flows:

• Collection and use consent: Default example

• Collection and use consent: Using outsourced service providers

• TA disclosure consent: Detached flow

• TA disclosure consent: Consolidated flow

• Amending consent: Business consumer disclosure consent

• Consent Management (Data recipient): Collection and use - Default example

• [NEW] Notifications: CDR Receipts

  • New CX artefacts and requirements relating to CDR Receipts. These artefacts provide implementation examples to reflect the proposed updated rules and new standards relating to CDR Receipts, including Notification Standards, CDR Receipts: Delivery and Notification Standards, CDR Receipts: Content.

• [NEW] Notifications: 90 day notifications

  • New CX artefacts and requirements relating to 90-day notifications. These artefacts provide implementation examples to reflect the proposed updated rules and new standards relating to 90-day notifications, including Notification Standards, 90-day notifications: Delivery and Notification Standards, 90-day notifications: Content.

• [NEWLY ADDED] AP Disclosure Consent: Bundled Flow

• [NEWLY ADDED] Business Consumer Disclosure Consent: Detached Flow

• [NEWLY ADDED] Business Consumer Disclosure Consent: Bundled Flow

Feedback

The DSB invites community feedback on these artefacts and any other CX guidelines seen as necessary to support the proposed August 2024 rules and associated data standards. This issue will be progressed in MI21.

---

⚠️ Disclaimer ⚠️
The CX Guidelines provide optional implementation examples for key rules, standards, and best practice recommendations.

They demonstrate key aspects of the consent model, but certain areas may be considered out of scope. This may include, for example, where the rules and/or standards are silent or non-prescriptive to provide CDR participants with flexibility or discretion according to their own systems or protocols.

❗The CX Guidelines span policy, rules, standards, and best practice, so requests will be considered on a case by case basis and timings may not fall within a Maintenance Iteration cycle.

Importantly, the CX Guidelines are optional to follow, but the CDR rules require CDR participants to have regard to them. The CX Standards differ in that they are binding data standards that must be followed.

---

• Edited 17.10.2024 to add consultation links and details for CDR Receipts and 90-day notification guidance
• Edited 22.11.2024 to add a consultation link and details for Consent Management (Data recipient): Collection and use - Default example
• Edited 10.12.2024 to add consultation links and details for Collection and use consent: Default example and Collection and use consent: Using outsourced service providers
• Edited 05.02.2025 to add consultation links and details for Trusted Adviser Disclosure Consents: Detached example and Trusted Adviser Disclosure Consents: Bundled example
• Edited 06.02.2025 to add consultation links and details for Amending consent: Business consumer disclosure consent, AP Disclosure Consent: Bundled Flow, Business Consumer Disclosure Consent: Detached Flow and Business Consumer Disclosure Consent: Bundled Flow

[CDR-CX-Stream]

We’re pleased to share for consultation the following draft guidance:

• [NEW] Notifications: CDR Receipts
  • New CX artefacts and requirements relating to CDR Receipts. These artefacts provide implementation examples to reflect the proposed updated rules and new standards relating to CDR Receipts, including Notification Standards, CDR Receipts: Delivery and Notification Standards, CDR Receipts: Content.
• [NEW] Notifications: 90 day notifications
  • New CX artefacts and requirements relating to 90-day notifications. These artefacts provide implementation examples to reflect the proposed updated rules and new standards relating to 90-day notifications, including Notification Standards, 90-day notifications: Delivery and Notification Standards, 90-day notifications: Content.

We invite community feedback via this thread. Your input, questions and comments will help us refine the guidance, allowing us to expedite their release following the finalisation of the rules and standards.

Please remember that this guidance is shared in draft state, representing proposed rules and standards that have not been made. This should not be taken as definitive guidance of compliance, and should not be considered as legal or compliance references for the purpose of implementation.

The original post has been updated to include these links.

[CDR-CX-Stream]

Following the making of the amended rules and new standards, the DSB has prepared additional draft guidance for community feedback.

In response to past requests for more descriptive information on what has changed in each release, we have provided draft Change Log wording below. We have also used symbols and markup in the annotations frame in Figma to help clarify what type of change has been made to the annotation. Please refer to the key at the top of the annotations frame for more details. Note that this format will only be used during this consultation window. Finalised and published guidance on the cx.cds.gov.au website will not include this level of detail. We seek feedback on the Change Log and marked up annotations, and whether participants find these valuable.

---

Consent Management (Data recipient): Collection and use - Default example

Updated CX artefacts and requirements relating to Consent Management (Data recipient): Collection and use - Default example. This includes:

• Visual, UI and Experiential updates to reflect the new rules and standards requirements, including updates to the dashboard information architecture to account for bundled consents, which may include both "incoming" and "outgoing" data requests
• Rules changes
  • new and updated rule references to reflect renumbered and reworded rules for ADR dashboards, including that the dashboard be readily accessible (new checklist item: 4CM1.00.43; updated checklist items: 4CM1.00.09, 4CM1.00.10, 4CM1.00.34).
  • the retirement of an existing rules requirement relating to CDR receipts due to its removal from the rules package (retired checklist item: 4CM1.00.08)
• Standards changes
  • new CX standard relating to CDR Receipt delivery (new checklist reference 4CM1.00.44)
• Guidelines changes
  • updates to existing CX guidelines to reflect updated rules references and minor wording and formatting changes (updated checklist items: 4CM1.00.40, 4CM1.00.41)
  • the proposed retirement of an existing CX guideline to help streamline the dashboard, removing detail previously recommended—but not required—to be included. This is intended to align with the government’s objectives of increasing CDR uptake and reducing obligations for CDR participants (proposed to be retired checklist reference 4CM1.00.39)

---

We invite community feedback via this thread.

Please remember that this guidance is shared in draft state. This should not be taken as definitive guidance of compliance, and should not be considered as legal or compliance references for the purpose of implementation.

The original post has been updated to include these links.

The CX team are working to finalise additional draft CX guidelines to reflect the published rules. These will be posted here in the coming weeks for community input.

[CDR-CX-Stream]

The DSB has prepared additional draft guidance for community feedback.

As outlined in the previous comment, we are providing draft Change Log, as well as using symbols and markup in the annotations frame in Figma to help clarify what type of change has been made to the annotation. We seek feedback on whether participants find these artefacts valuable for consultation.

---

Collection and Use: Default example

Updated CX artefacts and requirements relating to Collection and Use Consent: Default example. This includes:

• Visual, UI and Experiential updates to reflect the new rule and standard requirements
• Rules changes
  • new annotations relating to:
    • information that must be given to a consumer during the consent process (new checklist reference 1CO.02.51)
    • CDR Receipts (new checklist reference 1CO.02.52)
  • updates to existing rules requirements relating to requirements for:
    • seeking consent including bundling (updated checklist references 1CO.00.03, 1CO.00.04, 1CO.02.08 and 1CO.02.22)
    • allowing data recipients to seek agreement to certain consent elements as presented to the consumer (updated checklist references 1CO.02.06, 1CO.02.09, 1CO.02.10 and 1CO.02.12)
    • information that must be given to the consumer during consent (updated checklist references 1CO.02.07 and 1CO.02.15)
    • CDR Receipts (updated checklist reference 1CO.02.23)
  • the retirement of existing rules requirements due to their removal from the rules (retired checklist references 1CO.02.14, 1CO.02.24 and 1CO.02.25)
  • the proposed retirement of rules annotations that — while not removed from the rules package — have been removed from this artefact for simplicity, or because they are no longer relevant to the flow (proposed to be retired checklist references 1CO.01.01, 1CO.02.16, 1CO.02.17, 1CO.02.20 and 1CO.02.21)
• Standards changes
  • new CX standard relating to CDR Receipt delivery (new checklist reference 1CO.02.53)
  • the proposed retirement of standards annotations that — while not removed from the standards — have been removed from this artefact to simplify the consent flow (proposed to be retired checklist references 1CO.02.44 and 1CO.02.45)
• Guidelines changes
  • new CX guidelines relating to CDR Receipt delivery and the transitional provisions for CDR Receipts (new checklist references 1CO.02.54 and 1CO.02.55)
  • proposed updates to existing CX guidelines to better clarify expectations (proposed to be updated checklist references 1CO.02.35, 1CO.02.36, 1CO.02.40)
  • the proposed retirement of CX guidelines and standards to help streamline the consent flow by removing detail previously recommended, but not required, to be included in the consent flow, to align with the government’s objectives of increasing CDR uptake and reducing obligations for CDR participants (proposed to be retired checklist references 1CO.02.38, 1CO.02.39, 1CO.02.42, 1CO.02.43, 1CO.02.44 and 1CO.02.46)

Collection and Use: Using outsourced service providers

Updated CX artefacts and requirements relating to Collection and Use Consent: Using outsourced service providers. This includes:

• Visual, UI and Experiential updates to reflect the new rule and standard requirements
• Rules changes
  • new rule requirement relating to the transitional provision for information about OSPs that must be given during consent (new checklist reference 1CO.03a.07)
  • updates to existing rules requirements relating to information that must be given during the consent flow about OSPs (updated checklist reference 1CO.03a.02)
• Guidelines changes
  • new CX guidelines to:
    • recommend appropriate interventions to mitigate cognitive load in relation to information about OSPs (new checklist reference 1CO.03a.08)
    • clarify the transitional provision relating to the amended rules for information that must be given during the consent flow about OSPs (new checklist reference 1CO.03a.09)
  • updates to existing CX guidelines to better align to the updated rules requirements (updated checklist reference 1CO.03a.03)
  • retirement of existing CX guidelines which were made redundant by the updated rules requirements, which now require this information to be shown (retired checklist references 1CO.03a.04 and 1CO.03a.05)

---

We invite community feedback via this thread.

Please remember that this guidance is shared in draft state. This should not be taken as definitive guidance of compliance, and should not be considered as legal or compliance references for the purpose of implementation.

The original post has been updated to include these links.

[CDR-CX-Stream]

We have made minor amendments to annotations in the following flows, primarily to clarify transitional provisions and effective dates.

[NEW] Notifications: CDR Receipts

• added new CDR Rule annotation (02) for the transitional provisions for CDR Receipts
• updated 2 Standards annotations (03 and 04) to include a statement outlining the effective date of the new CDR Receipt standards
• added new CX Guideline annotation (06) clarifying the transitional provisions dates
• added new CX Guideline annotation (08) outlining that data recipients should send CDR Receipts via the consumer’s preferred delivery channels.
• updated annotation numbering for all other annotations

[NEW] Notifications: 90 day notifications

• added new CDR Rule annotation (02) for the transitional provisions for 90-day notifications
• updated 2 Standards annotations (03 and 04) to include a statement outlining the effective date of the new 90-day notification standards
• added new CX Guideline annotation (05) clarifying the transitional provision dates
• updated annotation numbering for all other annotations

Collection and Use: Using outsourced service providers

• updated CDR Rule annotation (07) and CX Guideline annotation (09) to include Competition and Consumer (Consumer Data Right) Amendment (2024 Measures No. 1) Rules 2024 in the rules reference

[CDR-CX-Stream]

The DSB has prepared additional draft guidance for community feedback.

As outlined in previous comments, we are providing draft Change Log, as well as using symbols and markup in the annotations frame in Figma to help clarify what type of change has been made to the annotation. We seek feedback on whether participants find these artefacts valuable for consultation.

Trusted Adviser Disclosure Consent: Detached Flow – Default example

Updated CX artefacts and requirements relating to Trusted Adviser Disclosure Consent: Detached Flow – Default example. This includes:

• Visual, UI and Experiential updates to reflect the new rule and standard requirements
• Rules changes
  • new annotations relating to:
    • information that must be given to a consumer during the consent process (new checklist reference 1CO3.00.36)
    • allowing data recipients to seek agreement to certain consent elements as presented to the consumer (new checklist reference 1CO3.00.37)
    • transitional provisions for CDR Receipts (new checklist reference 1CO3.00.38)
  • updates to existing rules requirements relating to requirements for:
    • seeking consent including bundling (updated checklist references 1CO3.00.01)
    • allowing data recipients to seek agreement to certain consent elements as presented to the consumer (updated checklist references 1CO3.00.02 and 1CO3.00.05)
    • CDR Receipts (updated checklist reference 1CO3.00.06)
  • the retirement of existing rules requirements due to their removal from the rules (retired checklist references 1CO3.00.07 and 1CO3.00.08)
• Standards changes
  • new CX standard relating to CDR Receipt delivery (new checklist reference 1CO3.00.39)
• Guidelines changes
  • new CX guidelines relating to:
    • when the TA selection step should be included or omitted (new checklist reference 1CO3.00.40)
    • CDR Receipt delivery and the transitional provisions for CDR Receipts (new checklist references 1CO3.00.41 and 1CO3.00.42)
  • proposed updates to existing CX guidelines to better clarify expectations (proposed to be updated checklist reference 1CO3.00.29)
  • the proposed retirement of CX guidelines relating to CDR Receipts (proposed to be retired checklist reference 1CO3.00.31)

Trusted Adviser Disclosure Consent: Bundled Flow

Updated CX artefacts and requirements relating to Trusted Adviser Disclosure Consent: Bundled Flow. This includes:

• Visual, UI and Experiential updates to reflect the new rule and standard requirements
• Rules changes
  • new annotations relating to:
    • seeking consent including bundling (new checklist reference 1CO3.01.35)
    • information that must be given to a consumer during the consent process (new checklist reference 1CO3.01.36)
    • allowing data recipients to seek agreement to certain consent elements as presented to the consumer (new checklist reference 1CO3.01.37)
    • transitional provisions for CDR Receipts (new checklist reference 1CO3.01.38)
  • updates to existing rules requirements relating to requirements for:
    • allowing data recipients to seek agreement to certain consent elements as presented to the consumer (updated checklist references 1CO3.01.01 and 1CO3.01.03)
    • seeking consent including bundling (updated checklist reference 1CO3.01.04)
    • CDR Receipts (updated checklist reference 1CO3.01.05)
  • the retirement of existing rules requirements due to their removal from the rules (retired checklist references 1CO3.01.06 and 1CO3.01.07)
• Standards changes
  • new annotation of existing CX standard relating to the Collection Source (new checklist reference 1CO3.01.39)
  • new CX standard relating to CDR Receipt delivery (new checklist reference 1CO3.01.40)
  • the proposed retirement of standards annotations that — while not removed from the standards — have been removed from this artefact to simplify the consent flow (proposed to be retired checklist references 1CO3.01.13 and 1CO3.01.14)
• Guidelines changes
  • new CX guidelines relating to:
    • when the TA selection step should be included or omitted (new checklist reference 1CO3.01.41)
    • CDR Receipt delivery and the transitional provisions for CDR Receipts (new checklist references 1CO3.01.42 and 1CO3.01.43)
    • when the DH selection might occur (new checklist references 1CO3.01.44 and 1CO3.01.45)
  • proposed updates to existing CX guidelines to better clarify expectations (proposed to be updated checklist references 1CO3.01.27 and 1CO3.01.33)

---

We invite community feedback via this thread.

Please remember that this guidance is shared in draft state. This should not be taken as definitive guidance of compliance, and should not be considered as legal or compliance references for the purpose of implementation.

The original post has been updated to include these links.

---

Edited 6 February 2025 to add 2 additional CX Guidelines relating to when the DH selection might occur in the Trusted Adviser Disclosure Consent: Bundled flow (new checklist references 1CO3.01.44 and 1CO3.01.45)

[CDR-CX-Stream]

The DSB has prepared additional draft guidance for community feedback.

As outlined in previous comments, we are providing draft Change Logs, as well as using symbols and markup in the annotations frame in Figma to help clarify what type of change has been made to the annotation. We seek feedback on whether participants find these artefacts valuable for consultation.

Amending consent: Business consumer disclosure consent

Updated CX artefacts and requirements relating to Amending consent: Business consumer disclosure consent. This includes:

• Visual, UI and Experiential updates to reflect the new rule and standard requirements
• Rules changes
  • updates to existing rules requirements relating to requirements for:
    • allowing data recipients to seek agreement to certain consent elements as presented to the consumer (updated checklist references 1CO2.02.09, 1CO2.02.11, 1CO2.02.12 and 1CO2.02.15)
    • CDR Receipts (updated checklist reference 1CO2.02.18)
  • the retirement of existing rules requirements due to their removal from the rules (retired checklist references 1CO2.01.16, 1CO2.01.17 and 1CO2.01.19)
• Standards changes
  • new CX standard relating to amending consent changing attributes (new checklist reference 1CO2.02.35)
  • new CX standard relating to CDR Receipt delivery (new checklist reference 1CO2.02.36)
• Guidelines changes
  • new CX guidelines relating to:
    • the fact that individuals without an active ABN cannot be treated as a CDR business consumer (new checklist reference 1CO2.02.37)
    • period of consent for CDR business consumers (new checklist references 1CO2.02.38 and 1CO2.02.39)
    • CDR Receipt delivery and the transitional provisions for CDR Receipts (new checklist references 1CO2.02.40 and 1CO2.02.41)
  • the proposed retirement of CX guidelines relating to amended attributes (proposed to be retired checklist reference CO2.02.33)
  • the proposed retirement of CX guidelines relating to CDR Receipts (proposed to be retired checklist reference 1CO2.02.34)

Business Consumer Disclosure Consent: Detached Flow

Updated CX artefacts and requirements relating to Business Consumer Disclosure Consent: Detached Flow – Default example. This includes:

• Visual, UI and Experiential updates to reflect the new rule and standard requirements
• Rules changes
  • new annotations relating to:
    • information that must be given to a consumer during the consent process (new checklist reference 1CO5.00.38)
    • allowing data recipients to seek agreement to certain consent elements as presented to the consumer (new checklist reference 1CO5.00.39)
    • transitional provisions for CDR Receipts (new checklist reference 1CO5.00.40)
  • updates to existing rules requirements relating to requirements for:
    • seeking consent including bundling (updated checklist reference 1CO5.00.01)
    • allowing data recipients to seek agreement to certain consent elements as presented to the consumer (updated checklist references 1CO5.00.04, 1CO5.00.11 and 1CO5.00.14)
    • CDR Receipts (updated checklist reference 1CO5.00.15)
  • the retirement of existing rules requirements due to their removal from the rules (retired checklist references 1CO5.00.16 and 1CO5.00.17)
• Standards changes
  • new CX standard relating to CDR Receipt delivery (new checklist reference 1CO5.00.41)
• Guidelines changes
  • new CX guidelines relating to:
    • the fact that individuals without an active ABN cannot be treated as a CDR business consumer (new checklist reference 1CO5.00.42)
    • when the non-AP selection step should be included or omitted (new checklist reference 1CO5.00.43)
    • CDR Receipt delivery and the transitional provisions for CDR Receipts (new checklist references 1CO5.00.44 and 1CO5.00.45)
  • proposed updates to existing CX guidelines to simplify and better clarify expectations (proposed to be updated checklist references 1CO5.00.30 and 1CO5.00.35)
  • the proposed retirement of CX guidelines relating to information that has been consolidated with other guidelines (proposed to be retired checklist reference 1CO5.00.31, see updated checklist reference 1CO5.00.30)

Business Consumer Disclosure Consent: Bundled Flow

New CX artefacts and requirements relating to bundled collect, use and business consumer disclosure consents. These artefacts provide implementation examples to reflect the updated rules relating to seeking consent.

Accredited Person Disclosure Consent: Bundled Flow

New CX artefacts and requirements relating to bundled collect, use and disclosure consents for accredited persons. These artefacts provide implementation examples to reflect the updated rules relating to seeking consent.

---

Please remember that this guidance is shared in draft state. This should not be taken as definitive guidance of compliance, and should not be considered as legal or compliance references for the purpose of implementation.

The original post has been updated to include these links.

[CDR-CX-Stream]

The CX team has now posted the last draft CX Guidelines wireframes and Change Logs to this ticket for consultation. Please refer to the earlier comments for details of the draft flows, including draft change logs. The final list of wireflows for consultation are:

• Collection and use consent: Default example
• Collection and use consent: Using outsourced service providers
• TA disclosure consent: Detached flow
• TA disclosure consent: Consolidated flow
• Amending consent: Business consumer disclosure consent
• Consent Management (Data recipient): Collection and use - Default example
• Business Consumer Disclosure Consent: Detached Flow
• [NEW] Notifications: CDR Receipts
• [NEW] Notifications: 90 day notifications
• [NEW] AP Disclosure Consent: Bundled Flow
• [NEW] Business Consumer Disclosure Consent: Bundled Flow

We now seek any final feedback or questions from the community on the flows shared by COB, Thursday 20 February 2025. After this date, the CX team will action any feedback received and finalise the flows. The CX team aims to update all CX Guidelines on the CX Guidelines website (including flows not consulted on as part of this CR) by mid-March 2025.

Please note that these flows are still in draft format and are subject to change before being published on the CX Guidelines website.

Thank you for your continued engagement.

[MastercardOpenBankingAustralia]

Mastercard welcomes the opportunity to comment on this proposal.

We note that Proposed CX Guideline 30 in the Business Consumer Disclosure Consent: Detached Flow indicates that requirements related to non‐accredited persons may be presented at any appropriate point in the consent flow.

However, other CX standards appear to require that specific elements be provided within the consent flow itself. For example, CX Standard 25 mandates that Data Recipients advise consumers to review how non‐accredited persons will handle their data.

If the intent is to allow some required elements to appear before consent or in CDR receipts or consumer dashboards rather than within the consent flow, we recommend that this be clearly stated. Conversely, if this is not the case, we also suggest clarifying the requirements accordingly. We note that similar CX Guidelines already exist (for example in the Business Consumer Disclosure Consent: Bundled Flow and the Trusted Advisor Disclosure Consent flows).

[CDR-CX-Stream]

We are no longer accepting comments on this CR. Thank you everyone for your engagement.

@MastercardOpenBankingAustralia, thank you for your question, we will come back to you with a clarification shortly.

While no further comments will be considered before the guidelines are updated, CDR participants are welcome to create Change Requests asking for new or updated CX Guidelines, or clarifications to existing guidance, at any time. These will be considered and actioned as part of the usual maintenance iteration cycles. For more information, see the knowledge article on the CX Guidelines Consultation process.

We will begin updating CX Guidelines on the cx.dsb.gov.au website over the coming weeks. When new and revised Guidelines are published, these will be noted in the home page's Announcements section.

We will close this thread once all updated guidelines are published.